
Detecting Subverted Cryptographic Protocols by Entropy Checking

Julien Olivain ¹, Jean Goubault-Larrecq ¹
¹ SECSI - Security of information systems
LSV - Laboratoire Spécification et Vérification [Cachan], ENS Cachan - École normale supérieure - Cachan, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8643
Abstract : What happens when your implementation of SSL or some other cryptographic protocol is subverted through a buffer overflow attack? You have been hacked, yes. Unfortunately, you may be unaware of it: because normal traffic is encrypted, most IDSs cannot monitor it. We propose a simple, yet efficient technique to detect most of such attacks, by computing the entropy of the flow and comparing it against known thresholds.

Contributor : Jean Goubault-Larrecq
Submitted on : Monday, April 19, 2021 - 10:53:48 AM
Last modification on : Friday, February 4, 2022 - 4:14:56 AM
Long-term archiving on : Tuesday, July 20, 2021 - 6:09:54 PM


Files produced by the author(s)


  • HAL Id : hal-03200826, version 1


Julien Olivain, Jean Goubault-Larrecq. Detecting Subverted Cryptographic Protocols by Entropy Checking. [Research Report] LSV-06-13, LSV, ENS Cachan. 2006. ⟨hal-03200826⟩


